[wp-trac] [WordPress Trac] #36260: WordPress failed in HP Fortify Scan
WordPress Trac
noreply at wordpress.org
Wed Mar 16 08:39:39 UTC 2016
#36260: WordPress failed in HP Fortify Scan
--------------------------+-----------------------------
Reporter: j4m35bond | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Security | Version: 4.4.2
Severity: normal | Keywords:
Focuses: |
--------------------------+-----------------------------
Dear Support,
Our WordPress project was not approved to go live due to a lot of XSS
loopholes found in a scan by <HP Fortify Scan>. Does WordPress provide any
security patch or updates to fix the loopholes?
Is it valid that it is really a security threat?
Example report returned by Fortify Scan:
wp-admin/js/press-this.js, line 291 (Cross-Site Scripting: DOM) Critical
Issue Details
Kingdom: Input Validation and Representation
Scan Engine: SCA (Data Flow)
Source Details
Source: Read response.data.redirect
From: lambda
File: wp-admin/js/press-this.js:291
-----------------------------------------------------------------
288 } else if ( response.data.redirect ) {
289     if ( window.opener && ( settings.redirInParent || response.data.force ) ) {
290         try {
291             window.opener.location.href = response.data.redirect;
292
293             window.setTimeout( function() {
294                 window.self.close();
--
Ticket URL: <https://core.trac.wordpress.org/ticket/36260>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
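The finding above is the classic shape a data-flow scanner reports for DOM XSS: a value read from a server response (`response.data.redirect`) flows into a location sink (`window.opener.location.href`) with no check in between. Assigning a `javascript:` or `data:` URL to `location.href` executes script in the target window, and a foreign `https://` URL turns the sink into an open redirect, so the scanner flags the sink regardless of whether the server can actually be made to return such a value; whether this instance is exploitable depends on that, which the ticket does not establish. The following is an added example, not code from the ticket, from WordPress core or from Fortify, showing the kind of guard that closes this class of finding: the candidate is parsed, restricted to http(s), and restricted to the current origin or a hypothetical allow-list (`ALLOWED_ORIGINS`) before it reaches the sink. `redirectOpener` takes the opener window as a parameter so the logic can be exercised in Node with a stand-in object.

```javascript
// Added example, not WordPress or Fortify code. Illustrates the check that
// closes the "Cross-Site Scripting: DOM" pattern Fortify raised on
// `window.opener.location.href = response.data.redirect`: the value is only
// assigned once it parses as an http(s) URL on an allowed origin.
// Runs in Node (global URL) as well as in a browser.

// Hypothetical allow-list of foreign origins the redirect may target.
const ALLOWED_ORIGINS = ['https://example.test'];

/**
 * Return the absolute URL string if `candidate` is a safe redirect target
 * relative to `baseOrigin`, otherwise null.
 */
function safeRedirectTarget(candidate, baseOrigin, allowedOrigins = ALLOWED_ORIGINS) {
  if (typeof candidate !== 'string' || candidate.length === 0) return null;
  let url;
  try {
    // Relative paths resolve against baseOrigin; absolute URLs keep their
    // own scheme and host, so they are checked below.
    url = new URL(candidate, baseOrigin);
  } catch (e) {
    return null; // unparsable input never reaches the sink
  }
  // `javascript:`, `data:`, `vbscript:` etc. are the schemes that turn a
  // location assignment into script execution; only http(s) may pass.
  if (url.protocol !== 'http:' && url.protocol !== 'https:') return null;
  // Protocol-relative values such as "//evil.test/" resolve to a foreign
  // origin; reject anything that is not the current origin or allow-listed.
  if (url.origin !== baseOrigin && !allowedOrigins.includes(url.origin)) return null;
  return url.href;
}

/**
 * Guarded version of the sink: `target` stands in for window.opener so the
 * function can be exercised outside a browser. Returns true when the
 * navigation was performed, false when the candidate was rejected.
 */
function redirectOpener(target, candidate, baseOrigin) {
  const href = safeRedirectTarget(candidate, baseOrigin);
  if (href === null) return false;
  target.location.href = href;
  return true;
}

// Constructed demo values (not from any real WordPress response).
const DEMO_BASE = 'https://wp.example.test';
const DEMO_CANDIDATES = [
  '/wp-admin/post.php?post=1',       // same-origin path: allowed
  'javascript:alert(document.domain)', // script scheme: rejected
  '//evil.test/',                      // protocol-relative foreign host: rejected
  'https://example.test/ok',           // allow-listed origin: allowed
];

function demo() {
  return DEMO_CANDIDATES.map((c) => [c, safeRedirectTarget(c, DEMO_BASE)]);
}
```

A server-side counterpart (validating the redirect value where it is produced) is the more robust fix, since it does not rely on every client-side sink being guarded; the client-side check above is what makes the specific data flow the scanner traced terminate in a sanitizer it can recognise.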